Improper Input Validation

Affecting ansible package, versions [2.8.0,2.8.6) || [2.7.0,2.7.14) || [,2.6.20)

Do your applications use this vulnerable package? Test your applications

Overview

ansible is a simple IT automation system.

Affected versions of this package are vulnerable to Improper Input Validation. The fix made in Ansible for CVE-2019-10206 was not sufficient to resolve the problem.

Remediation

Upgrade ansible to version 2.8.6, 2.7.14, 2.6.20 or higher.

References

CVSS Score

6.4
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    High
  • Privileges Required
    Low
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    None
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Credit
Unknown
CVE
CVE-2019-14856
CWE
CWE-20
Snyk ID
SNYK-PYTHON-ANSIBLE-535625
Disclosed
22 Nov, 2019
Published
26 Nov, 2019